Lucene search

[email protected]NVD:CVE-2024-1402

HistoryFeb 09, 2024 - 4:15 p.m.

CVE-2024-1402

2024-02-0916:15:07

CWE-400

[email protected]

web.nvd.nist.gov

mattermost

custom emoji

mobile app

server

security vulnerability

denial of service

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

4.3

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post and to crash the server due to overloading when clients attempt to retrive the aforementioned post.

Affected configurations

Nvd

Node

mattermostmattermost_serverRange≤8.1.7

mattermostmattermost_serverRange9.0.0–9.1.4

mattermostmattermost_serverRange9.2.0–9.2.3

VendorProductVersionCPE
mattermostmattermost_server*cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mattermost	mattermost_server	*	cpe:2.3:a:mattermost:mattermost_server::::::::

References

mattermost.com/security-updates

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

AI Score

4.3

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

Related for NVD:CVE-2024-1402

osv8 prion1 veracode1 cve1 cnvd1 cvelist1 vulnrichment1 nessus1 github1